edcb25c8185dfe64d75333c78beac8533745dc6edfe34cfad75d0bd3bca6b057

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17-07-2023 14:28

Target

SecuriteInfo.com.Win32.PWSX-gen.10084.1111.dll
Size

14KB
MD5

f3fdd4b1c32be9414c5b8709d25f2c9b
SHA1

ab90b5e3599a81d7e27d568fb986c09e398f1d00
SHA256

edcb25c8185dfe64d75333c78beac8533745dc6edfe34cfad75d0bd3bca6b057
SHA512

92234f1829a5aed8e02ccd06d850de439889d6757ce00cedbd83177b691bfb5c9458c3d334f474ccde9ddf76be1b4b2e80735fd34d9753dcc62fa92afbaa6de5
SSDEEP

384:FeK7ut3TtJLQb5z8T5abu6yaKCOzswLNQFMD1:IxTtVQ98lfWOzswLWC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1816	1632	rundll32.exe	28
PID 1632 wrote to memory of 1816	1632	rundll32.exe	28
PID 1632 wrote to memory of 1816	1632	rundll32.exe	28
PID 1632 wrote to memory of 1816	1632	rundll32.exe	28
PID 1632 wrote to memory of 1816	1632	rundll32.exe	28
PID 1632 wrote to memory of 1816	1632	rundll32.exe	28
PID 1632 wrote to memory of 1816	1632	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.10084.1111.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.10084.1111.dll,#1
  2⤵
  PID:1816